Operational risk quantification : a risk flow approach

IF 0.4 4区经济学 Q4 BUSINESS, FINANCE

Journal of Operational Risk Pub Date : 2010-12-01 DOI:10.21314/JOP.2010.083

G. Finke, Mahender P. Singh, S. Rachev

{"title":"Operational risk quantification : a risk flow approach","authors":"G. Finke, Mahender P. Singh, S. Rachev","doi":"10.21314/JOP.2010.083","DOIUrl":null,"url":null,"abstract":"The topic of operational risk has gained increasing attention in both academic research and in practice. We discuss means to quantify operational risk with specific focus on manufacturing companies. In line with the view of depicting operations of a company using material, financial and information flows, we extend the idea of overlaying the three flows with risk flow to assess operational risk. We demonstrate the application of the risk flow concept by discussing a case study with a consumer goods company. We implemented the model using discrete-event and Monte Carlo simulation techniques. Results from the simulation are evaluated to show how specific parameter changes affect the level of operational risk exposure for this company. Introduction The number of major incidences and catastrophic events affecting global business operations is on the rise. The impact of recent volcano eruption in Iceland, earthquakes around the world, the BP oil spill and financial crisis is making headlines but companies may never know the true extent of the loss. These events reinforce the need for companies to consider operational risk in a more formal manner and act strategically to minimize the negative impact of these and other types of disruptions. Having a better view of operational risks can allow a company to act proactively in many cases to come out unscathed in fact such a capability can be converted into a competitive advantage. Quantification and measurement is an integral part of managing operational risk. The topic of operational risk is very central to the financial industry due to the immediate and very direct impact of the bankruptcy of a financial institution on the economy and businesses. Not surprisingly, therefore, it has attracted a lot of attention from regulators, academics and practitioners alike. Targeted efforts have been made in researching operational risk especially since the Basel II guidelines on its assessment and the building of capital reserves came out in 2001 [1]. But the breadth of the catastrophic disasters mentioned above raises an important question: Is the domain of operational risk measurement too narrowly focused on financial institutions and their risk exposures? Clearly, assessing operational risk exposure is necessary in non-financial companies as well. To this end, we propose a method to quantify operational risk for any organization including non-financial companies. From this point forward, we will use risk and operational risk interchangeably and discuss it in the context of a manufacturing environment. A fundamental issue in studying operational risk is a lack of uniform understanding of its meaning among academics and practitioners. Operational risk has been defined in a variety of ways in the literature so for the purpose of this research, we will adopt the definition proposed by the Basel Committee to define operational risk “as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” [1]. It should be noted that although developed for financial institutions and referring to specific risk elements, this definition is suitable for other industries as well. For more definitions and the historical development of operational risk perception we refer to Cruz [2] and Moosa [3] for extended background information to the topic. In this paper, we will discuss the findings of a project that was completed in 2008/2009 in collaboration between the authors 1 and a Fortune 100 Consumer Packaged Goods company with global footprint, referred to as Company X, the sponsors of the research. Since there are no legislative instruments in place to guide non-financial institutions to build capital reserves for operational risk, Company X, like most other businesses, was focused on understanding the impact of various risks on its overall performance. Indeed, the negative impact on business performance can be directly or indirectly converted into financial terms to gauge the level of risk exposure. We modeled the supply network of Company X using a simulation software package and studied its behavior under different risk scenarios. The rest of the paper is organized as follows. First, we discuss the state of the art with regard to operational risk and its quantification. We then compare and analyze different approaches to operational risk. Next, we propose our model for assessing operational risk, including the introduction to the concept of risk flows and the risk assessment process. A case study is presented to demonstrate the application of the model, followed by a discussion of the results, along with the strategic implications. Conclusions are presented to discuss limitations and potential future research directions. 1 The first two authors were key members of the extended team that worked on this project. Literature Review Many researchers have addressed the topic of operational risk in their work. Different quantification approaches have been proposed and applied. In this section, we will discuss some of the quantification methods available for operational risk and position this paper among the current literature. A majority of the existing literature addresses operational risk of financial institutions with a strong focus on banks. Indeed, insurance companies have also been discussed [4]. Literature not only covers different quantification approaches outlined here [5-10], but also provides background to operational risk such as definitions, categorization and cyclicality [3, 6, 11-15]. The different quantification approaches can be divided into top-down and bottom-up approaches [16]. Top-down approaches use aggregated figures, often derived from financial statements or publicly available information. Little attention is given to the actual sources of risk, limiting the use of these approaches in operational risk management [6, 17]. But the simplicity of implementation has attributed to its popularity. Key among the top-down approaches are the singleand multi-indicator models which assume a correlation between an indicator such as profit and the operational risk exposure. The Basel Committee has also included indicator based quantification methods in their guidelines [1]. Multi-factor regression models use publicly available figures to measure company performance and relate this to input factors of the performance. The residual term is believed to describe operational risk. The CAPM approach is mentioned here only for completeness but its practical relevance and the underlying assumptions limit its validity. Scenario analysis and stress testing are also classified as a quantification approach, but their limitations with regards to expressing risk exposure are obvious. Bottom-up models assess the risk exposure by identifying risk factors at a lower level and aggregating risk to derive the overall level of operational risk. This can be further divided into process-based models and statistical models. Process-based models portray the chain of reaction from event to actual loss. These include Causal models [16, 18, 19], Bayesian models [8, 20], Reliability theory [3, 21] and System Dynamics approach [11]. Statistical models include the value-at-risk approach and the extreme value theory. These are based on the historical loss distribution data. Lambrigger et al. [7] have combined internal and external data with expert opinions using a Bayesian inference method to estimate parameters of frequency and the severity distribution for a Loss Distribution Approach. It should be noted that the above mentioned approaches primarily focus on financial institutions and do not address the specific challenges of risk quantification for manufacturing companies. As mentioned previously, our objective is to propose a general approach to risk quantification that can be applied to non-financial companies as well.","PeriodicalId":54030,"journal":{"name":"Journal of Operational Risk","volume":"24 1","pages":"65-89"},"PeriodicalIF":0.4000,"publicationDate":"2010-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Operational Risk","FirstCategoryId":"96","ListUrlMain":"https://doi.org/10.21314/JOP.2010.083","RegionNum":4,"RegionCategory":"经济学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"BUSINESS, FINANCE","Score":null,"Total":0}

引用次数: 9

Abstract

The topic of operational risk has gained increasing attention in both academic research and in practice. We discuss means to quantify operational risk with specific focus on manufacturing companies. In line with the view of depicting operations of a company using material, financial and information flows, we extend the idea of overlaying the three flows with risk flow to assess operational risk. We demonstrate the application of the risk flow concept by discussing a case study with a consumer goods company. We implemented the model using discrete-event and Monte Carlo simulation techniques. Results from the simulation are evaluated to show how specific parameter changes affect the level of operational risk exposure for this company. Introduction The number of major incidences and catastrophic events affecting global business operations is on the rise. The impact of recent volcano eruption in Iceland, earthquakes around the world, the BP oil spill and financial crisis is making headlines but companies may never know the true extent of the loss. These events reinforce the need for companies to consider operational risk in a more formal manner and act strategically to minimize the negative impact of these and other types of disruptions. Having a better view of operational risks can allow a company to act proactively in many cases to come out unscathed in fact such a capability can be converted into a competitive advantage. Quantification and measurement is an integral part of managing operational risk. The topic of operational risk is very central to the financial industry due to the immediate and very direct impact of the bankruptcy of a financial institution on the economy and businesses. Not surprisingly, therefore, it has attracted a lot of attention from regulators, academics and practitioners alike. Targeted efforts have been made in researching operational risk especially since the Basel II guidelines on its assessment and the building of capital reserves came out in 2001 [1]. But the breadth of the catastrophic disasters mentioned above raises an important question: Is the domain of operational risk measurement too narrowly focused on financial institutions and their risk exposures? Clearly, assessing operational risk exposure is necessary in non-financial companies as well. To this end, we propose a method to quantify operational risk for any organization including non-financial companies. From this point forward, we will use risk and operational risk interchangeably and discuss it in the context of a manufacturing environment. A fundamental issue in studying operational risk is a lack of uniform understanding of its meaning among academics and practitioners. Operational risk has been defined in a variety of ways in the literature so for the purpose of this research, we will adopt the definition proposed by the Basel Committee to define operational risk “as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” [1]. It should be noted that although developed for financial institutions and referring to specific risk elements, this definition is suitable for other industries as well. For more definitions and the historical development of operational risk perception we refer to Cruz [2] and Moosa [3] for extended background information to the topic. In this paper, we will discuss the findings of a project that was completed in 2008/2009 in collaboration between the authors 1 and a Fortune 100 Consumer Packaged Goods company with global footprint, referred to as Company X, the sponsors of the research. Since there are no legislative instruments in place to guide non-financial institutions to build capital reserves for operational risk, Company X, like most other businesses, was focused on understanding the impact of various risks on its overall performance. Indeed, the negative impact on business performance can be directly or indirectly converted into financial terms to gauge the level of risk exposure. We modeled the supply network of Company X using a simulation software package and studied its behavior under different risk scenarios. The rest of the paper is organized as follows. First, we discuss the state of the art with regard to operational risk and its quantification. We then compare and analyze different approaches to operational risk. Next, we propose our model for assessing operational risk, including the introduction to the concept of risk flows and the risk assessment process. A case study is presented to demonstrate the application of the model, followed by a discussion of the results, along with the strategic implications. Conclusions are presented to discuss limitations and potential future research directions. 1 The first two authors were key members of the extended team that worked on this project. Literature Review Many researchers have addressed the topic of operational risk in their work. Different quantification approaches have been proposed and applied. In this section, we will discuss some of the quantification methods available for operational risk and position this paper among the current literature. A majority of the existing literature addresses operational risk of financial institutions with a strong focus on banks. Indeed, insurance companies have also been discussed [4]. Literature not only covers different quantification approaches outlined here [5-10], but also provides background to operational risk such as definitions, categorization and cyclicality [3, 6, 11-15]. The different quantification approaches can be divided into top-down and bottom-up approaches [16]. Top-down approaches use aggregated figures, often derived from financial statements or publicly available information. Little attention is given to the actual sources of risk, limiting the use of these approaches in operational risk management [6, 17]. But the simplicity of implementation has attributed to its popularity. Key among the top-down approaches are the singleand multi-indicator models which assume a correlation between an indicator such as profit and the operational risk exposure. The Basel Committee has also included indicator based quantification methods in their guidelines [1]. Multi-factor regression models use publicly available figures to measure company performance and relate this to input factors of the performance. The residual term is believed to describe operational risk. The CAPM approach is mentioned here only for completeness but its practical relevance and the underlying assumptions limit its validity. Scenario analysis and stress testing are also classified as a quantification approach, but their limitations with regards to expressing risk exposure are obvious. Bottom-up models assess the risk exposure by identifying risk factors at a lower level and aggregating risk to derive the overall level of operational risk. This can be further divided into process-based models and statistical models. Process-based models portray the chain of reaction from event to actual loss. These include Causal models [16, 18, 19], Bayesian models [8, 20], Reliability theory [3, 21] and System Dynamics approach [11]. Statistical models include the value-at-risk approach and the extreme value theory. These are based on the historical loss distribution data. Lambrigger et al. [7] have combined internal and external data with expert opinions using a Bayesian inference method to estimate parameters of frequency and the severity distribution for a Loss Distribution Approach. It should be noted that the above mentioned approaches primarily focus on financial institutions and do not address the specific challenges of risk quantification for manufacturing companies. As mentioned previously, our objective is to propose a general approach to risk quantification that can be applied to non-financial companies as well.

查看原文本刊更多论文

操作风险量化:风险流方法

人们提出并应用了不同的量化方法。在本节中，我们将讨论一些可用于操作风险的量化方法，并将本文置于当前文献中的位置。大多数现有文献解决了金融机构的操作风险，重点关注银行。事实上，保险公司也曾被讨论过。文献不仅涵盖了这里概述的不同量化方法[5-10]，还提供了操作风险的定义、分类和周期性等背景知识[3,6,11 -15]。不同的量化方法可分为自顶向下和自底向上两种方法[b]。自上而下的方法使用汇总数据，这些数据通常来自财务报表或公开信息。由于很少关注风险的实际来源，限制了这些方法在操作风险管理中的使用[6,17]。但实现的简单性归功于它的受欢迎程度。在自上而下的方法中，关键是单指标和多指标模型，这些模型假设利润和操作风险暴露等指标之间存在相关性。巴塞尔委员会还在其指导方针中纳入了基于指标的量化方法。多因素回归模型使用公开数据来衡量公司绩效，并将其与绩效的输入因素联系起来。剩余项被认为是用来描述操作风险的。这里提到CAPM方法只是为了完整性，但它的实际相关性和潜在的假设限制了它的有效性。情景分析和压力测试也被归类为量化方法，但是它们在表达风险暴露方面的局限性是显而易见的。自底向上模型通过识别较低级别的风险因素和汇总风险来得出操作风险的总体水平，从而评估风险暴露。这可以进一步分为基于流程的模型和统计模型。基于过程的模型描绘了从事件到实际损失的反应链。这些方法包括因果模型[16,18,19]、贝叶斯模型[8,20]、可靠性理论[3,21]和系统动力学方法[11]。统计模型包括风险价值法和极值理论。这些都是基于历史损失分布数据。Lambrigger等人使用贝叶斯推理方法将内部和外部数据与专家意见结合起来，估计损失分布法的频率和严重程度分布参数。值得注意的是，上述方法主要关注金融机构，并没有解决制造业企业风险量化的具体挑战。如前所述，我们的目标是提出一种可以应用于非金融公司的风险量化的通用方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Operational Risk BUSINESS, FINANCE-

CiteScore

1.00

自引率

40.00%

发文量

期刊介绍： In December 2017, the Basel Committee published the final version of its standardized measurement approach (SMA) methodology, which will replace the approaches set out in Basel II (ie, the simpler standardized approaches and advanced measurement approach (AMA) that allowed use of internal models) from January 1, 2022. Independently of the Basel III rules, in order to manage and mitigate risks, they still need to be measurable by anyone. The operational risk industry needs to keep that in mind. While the purpose of the now defunct AMA was to find out the level of regulatory capital to protect a firm against operational risks, we still can – and should – use models to estimate operational risk economic capital. Without these, the task of managing and mitigating capital would be incredibly difficult. These internal models are now unshackled from regulatory requirements and can be optimized for managing the daily risks to which financial institutions are exposed. In addition, operational risk models can and should be used for stress tests and Comprehensive Capital Analysis and Review (CCAR). The Journal of Operational Risk also welcomes papers on nonfinancial risks as well as topics including, but not limited to, the following. The modeling and management of operational risk. Recent advances in techniques used to model operational risk, eg, copulas, correlation, aggregate loss distributions, Bayesian methods and extreme value theory. The pricing and hedging of operational risk and/or any risk transfer techniques. Data modeling external loss data, business control factors and scenario analysis. Models used to aggregate different types of data. Causal models that link key risk indicators and macroeconomic factors to operational losses. Regulatory issues, such as Basel II or any other local regulatory issue. Enterprise risk management. Cyber risk. Big data.